Check for crypto size overflow Bug: 111922341 Test: build Change-Id: Icfe2d15c13f1b4bb77e0a9684ffc1284f557e6d5

commit: 62e83c9512486a24f0cfd3fe25ba5f2b4f2c2fe5 [log] [tgz]
author: Marco Nelissen <marcone@google.com> Tue Jul 31 15:25:58 2018 -0700
committer: Marco Nelissen <marcone@google.com> Tue Jul 31 15:25:58 2018 -0700
tree: b4d27ae99d0bc9ee8e30a11f62c04217d05c1930
parent: 19283e9de83b5ade80a93b43589ea9a799414290 [diff]
diff --git a/media/libmediaplayerservice/nuplayer/NuPlayerDrm.cpp b/media/libmediaplayerservice/nuplayer/NuPlayerDrm.cpp
index bde0862..8d876da 100644
--- a/media/libmediaplayerservice/nuplayer/NuPlayerDrm.cpp
+++ b/media/libmediaplayerservice/nuplayer/NuPlayerDrm.cpp

@@ -239,8 +239,14 @@
         size_t *encryptedbytes)
 {
     // size needed to store all the crypto data
-    size_t cryptosize = sizeof(CryptoInfo) +
-                        sizeof(CryptoPlugin::SubSample) * numSubSamples;
+    size_t cryptosize;
+    // sizeof(CryptoInfo) + sizeof(CryptoPlugin::SubSample) * numSubSamples;
+    if (__builtin_mul_overflow(sizeof(CryptoPlugin::SubSample), numSubSamples, &cryptosize) ||
+            __builtin_add_overflow(cryptosize, sizeof(CryptoInfo), &cryptosize)) {
+        ALOGE("crypto size overflow");
+        return NULL;
+    }
+
     CryptoInfo *ret = (CryptoInfo*) malloc(cryptosize);
     if (ret == NULL) {
         ALOGE("couldn't allocate %zu bytes", cryptosize);
commit	62e83c9512486a24f0cfd3fe25ba5f2b4f2c2fe5	[log] [tgz]
author	Marco Nelissen <marcone@google.com>	Tue Jul 31 15:25:58 2018 -0700
committer	Marco Nelissen <marcone@google.com>	Tue Jul 31 15:25:58 2018 -0700
tree	b4d27ae99d0bc9ee8e30a11f62c04217d05c1930
parent	19283e9de83b5ade80a93b43589ea9a799414290 [diff]